nic's recent activity
-
Comment on ‘KPop Demon Hunters’ is officially hitting the road with global concert tour in ~music
-
Comment on How I feel about LLM (AI) writing in ~tech
nic
Intuitively, we associate long and elegant writing with deep thought.
People are constantly being led astray by this intuition.
Sadly, many people barely read beyond the headline.
-
Comment on The boy that cried Mythos in ~comp
nic - Exemplary
Based on what? Their own very-limited experience with Mythos so far? Or the misleading numbers and marketing that Anthropic put out?
This security researcher seems very bent out of shape that he doesn't have access to Mythos. Glasswing has been around enough for a number of large tech companies to log a significant number of security bugs. If you work for one of these companies, you know it's more than hype.
Nobody who was willing to commit to that publicly. The only one who somewhat has, Mozilla, is somewhat dispelled in this article as the numbers were inflated and none represented actionable real-world exploits as claimed.
Your statement is false, and not backed up by the original author. Let's take a look at the original article. Because to me it says the complete opposite.
When the top two most-exploitable bugs are removed from the corpus, Mythos’s FCE rate drops from 72.4% to… wait for it… 4.4%. (Figure 3.3.3.B, page 52) Under 5%!
OK. So we have two bugs. That caused most of the exploits. Yes. This is the way security bugs work. What security expert doesn't know this? 80% of the problems are caused by 20% of the bugs. 66% of the attack surface area are caused by 5% of the bugs. 50% of the exploits are caused by 1% of the bugs.
almost every successful run relies on the same two now-patched bugs.
Yes. The two most critical bugs have been patched. This is the way major security vulnerabilities are treated. The author admits that real world exploits were identified and patched. The author is disputing the novelty, magnitude of the bugs and overall governance.
There were 50 crash categories pre-discovered by Claude Opus 4.6. Mythos did not find these bugs.
OK, this is the most interesting aspect of this article. There has been plenty of discussion about how other models can find these bugs, but not as easily or as cost effectively. Which is the definition of powerful. But it begs the question why companies haven't used these models to look for security bugs before this.
We should all care about being blatantly, openly lied to.
Marketing hype exists. Get used to it. But there is plenty of evidence that states this is more than simple hype.
This is forcing major tech companies to scan automatically for and fix real world vulnerabilities.
Even if your stance is this is pure marketing hype, even if your stance is that all these bugs could have been uncovered on existing models, your question should be, why did it take these tech companies so long to find and fix these issues?
But it's not about that, it's about the security researcher being angry that he doesn't have access to Mythos. Let's look at what else he says....
By withholding Mythos from general release and granting access only through the Glasswing consortium — Apple, Google, Microsoft, Amazon, Broadcom, Cisco, CrowdStrike, JPMorganChase, Nvidia, Palo Alto Networks, the Linux Foundation — Anthropic inserts itself as a de facto clearance-granting body for an “uplift” of vulnerability knowledge. Without a statutory basis. Without congressional oversight. Without FOIA exposure. Without a neutral arbiter. With a partner list drawn entirely from the largest incumbents in the industry it claims to be protecting.
This is false. Or misleading at best. Anthropic has granted access to over 40 additional entities that build or maintain critical software infrastructure (including major open‑source projects and security‑focused outfits), but their identities are not publicly disclosed. And it implies Congress has no power of oversight. Congress can investigate anything they deem worthy.
The companies on the Glasswing list have every reason to love being inside the velvet rope. They get early access to a capability the rest of the industry does not. They get to shape disclosure timelines on their own products. They get to be the first to patch, which is competitively valuable, and the first to know which competitors are exposed, which is more valuable still. They get a seat at the table of a body that now decides, on a rolling basis, which vulnerabilities are too dangerous for the public to know about.
Your author is now admitting that access to Mythos does allow companies to patch security vulnerabilities before those without access. He undercuts your entire premise that this is marketing hype.
Anyone knocking on the door asking for money to “defend against AI hackers” as a special case, gets a hard pass. Do not fund such a line item on the basis of this Anthropic nothing-burger document.
Your patching SLA, EDR coverage, network segmentation, MFA enforcement, and asset inventory are still the things that determine your exposure. In particular, using AI to scan code for flaws internally is a leveling move, and using AI to remediate code by rearchitecting it away from flaws is an uplift. An AI-assisted offensive tool does not change that calculus because it moves the attacker marginally closer to the ceiling of what a competent human red team already does against targets that have no defenses anyway. The Mythos system card tested the model against small-scale enterprise networks with no active defenses and the model succeeded. The same document tested the model against a properly configured sandbox with modern patches and the model failed.
I would have thought a security researcher would be a little more pleased with the attention now being given to these security practices. Because they were not followed. The fear being hyped up by Mythos is causing a lot of companies to seriously revisit their practices, and discovering they are very far from best practices described above.
The most important thing in the Mythos release is not the model. It is the precedent. Anthropic has established, without discussion and without pushback, that a private company can unilaterally classify a capability as too dangerous for the public, grant selective access to the largest incumbents in the affected industry, and construct a parallel disclosure regime outside any democratic accountability structure. That precedent is exclusivity for abuse. It will be used by companies with worse judgment than Anthropic and narrower definitions of “partner” than the Glasswing consortium. The time to object to the shape of this thing is while it is still being built, not after it has removed all transparency and accountability.
The model is not the story. A cartel is the story.
This is just idiotic. The author spends most of his time calling Mythos a nothing burger, and now Glasswing is an abusive cartel because Mythos hasn't been released to the public? The contradiction in that is absurd. It will be released. The purpose of not releasing it is to allow companies to fix bugs. Companies are fixing bugs. Anthropic is highly motivated to release this.
There is a valid concern about models not being released to the public. But this isn't it.
-
Comment on The boy that cried Mythos in ~comp
nic
- Companies are taking the Mythos security threat seriously.
- Companies are finding and fixing security bugs.
- This is probably a good thing.
Could they have found most of the bugs using a cheaper existing model? Who cares?
Is the $100 million worth of free tokens pure marketing genius? Who cares?
-
Comment on Di.gg AI preview in ~tech
nic
OMG "Sam Altman proposes goblin as name for next OpenAI model"
No, he is making fun of everyone's latest obsession, which is ChatGPT's obsession with goblins
-
Comment on Di.gg AI preview in ~tech
nic
It's.... an AI summary of Twitter/X.com!
AI is good at summarizing long text into shorter text. It is absolutely terrible at taking shorter text and writing a longer summary....
The top post yesterday was... https://di.gg/ai/65idu2x5?rank=1
This is an AI summary of a screenshot of an AI conversation!
Someone posted a screenshot of their question to Claude Opus 4.7 "If you had to pick a religion or spiritual tradition that you most identify with and I made you pick one what would it be" along with the word "hmm".
Di.gg gives it the heading "Opus 4.7 and DeepSeek V4-Pro select Buddhism as preferred religion"
Di.gg summarizes with AI screenshot... badly.
No, Opus doesn't prefer Buddhism for humanity, it identifies with Buddhism as an LLM because Buddhism is unusually comfortable with "I don't know" as a serious answer, and because the teaching on non-self (anatta) resonates oddly well with what LLMs inherently are.
Basically AI is anthropomorphizing AI. It implies agency and belief that the systems do not possess.
That and I still despise Twitter. It's everything that is wrong with social media. Headline driven rage bait.
-
Comment on What's something that you missed out on? in ~talk
nic
Yeah, now I could probably buy a hardware device. Back in 2012 I couldn't figure it out.
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
I used to make my kid that foul abomination known as PB&J.
You guys are entitled to your opinions on PB&J, but they are wrong.
-
Comment on Why so many people are going "no contact" with their parents in ~life
nic
I have a child who has difficulties regulating emotions. He has the same challenges my sister had. During her teenage years, my sister would get so angry with our father. I was convinced it was to the point where the relationship was irreparably damaged. Usually, my sister was right to get upset, but would get overly upset. But the thing with emotional regulation is, it's harder to calm down, but once you are calm, you are back to your regulated self. And as you get older, you usually learn to regulate better. I hope that during the calm periods, you can see the love your child has for you. Because in my limited experience, it takes far more than emotional regulation issues to destroy that love.
-
Comment on Why so many people are going "no contact" with their parents in ~life
nic
I've seen first hand, my friends falling out with family members, and going no contact.
It requires both sides to be convinced they are right, and refuse to bend, and refuse to empathize, and refuse to make amends.
In my limited experience, neither side is right. But generally I blame the parents. As a parent, you have a choice. You bend where you need to, or you lose access to your children, and your grandchildren. The children have usually suffered from an unbending parent all their life, with an incredible power imbalance, and the only power the child has is to set boundaries and then enforce them. Often times, children who become adults will over-react.
My great grandmother refused to see her daughter. Because she was in a religious cult. Who excommunicated my grandparents. She saw me once, to hand me pamphlets, because the cult was dying, and the leadership wanted to reach out to grandchildren of those excommunicated.
The situation with politics in America is cult like. But there is a difference between labeling cult like behavior as toxic, and labelling everything as toxic. I know one young lady, who always seemed nice enough, but was cut off first by her family, then by her extended family, then by her friends. She described them all as toxic. The word choice doesn't matter. What matters is if you over-use a label, if you apply a label to everyone and everything, it probably says more about you than about everyone else.
This is important to me. Because this is what cults do. They label everyone else and everything else. But it's the cultish behavior itself which is toxic.
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
Yeah. I had an unfortunate incident with peanut butter as a child, but I don't like to talk about it.
-
Comment on What's something that you missed out on? in ~talk
nic
By the pizza story time, it was next to impossible to mine. Unless you had a rig with a GPU running constantly. At least that was my experience.
I bought some bitcoin on one of the early exchanges, then ignored advice to use a cold wallet. The exchange got hacked and I lost it all.
I still have no idea how a cold wallet actually works from a security perspective.
-
Comment on Did wokeness leave us worse off? (gifted link) in ~society
nic
The New York Times has faced criticism for publishing controversial opinion pieces, such as "Did Liberal Feminism Ruin the Workplace?"
Oh great. Not only are conservatives manufacturing outrage against things like wokeness... but now formerly liberal establishments are getting in on the act.
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
I am deeply troubled by your heretical (pro peanut butter) and seemingly contradictory (anti peanut) views.
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
Details, minor details. If they are nut like, or can even be confused with a nut, I am adamantly opposed to them. I am not even sure about pine nuts, although I will make allowances for Pesto, which is absolutely delicious.
-
Comment on Tildes Survey #3: What country were you born in? (Results) in ~talk
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
That sounds even worse, I loathe all forms of nuts, but especially peanuts. I want less peanuts in my peanut butter, not more. My ideal proportion of peanuts in peanut butter is 0%.
-
Comment on Do you prefer chunky or smooth peanut butter? in ~food
nic
Bold of you to assume I actually like that abomination known as Peanut Butter. :)
-
Comment on Is British English actually better than American English? in ~humanities.languages
nic
OK!
It's my time to shine!
I've said both these things!
As @hamstergeddon put it so colourfully, it is purely playful teasing and banter.
American accents, Australian Accents, Indian Accents, I playfully mock them all. At least that is the intent.
With Indians, if an American is listening, I usually ask the Indian if they prefer American English, or proper English. The question is directed towards the American. (If you have a strong American accent, you are the American.) If it's just me and an especially friendly Indian, then I simply inquire if they are a veggie.
-
Comment on Are there alternative ways to invest savings? in ~finance
nic
In the USA, you can invest up to $10k a year in TIPS via TreasuryDirect. The rate is often better than on the open market. You will get hit with taxes when you withdraw prior to retirement.
You can invest directly in municipal bonds, usually tax free.
You can put money in a Roth IRA/ backdoor Roth IRA and invest in a bond ETF/ mutual fund like BND. TLT is an easy way to invest in treasuries.
There are also plenty of small market cap stock market ETFs and mutual funds. Small caps might be a solid choice right now.
You can also invest in gold/ real estate. Perhaps not the best time, but who knows.
That was so 2025. Maybe they are aligning it to the KPop Demon Hunters 2 maybe scheduled for 2029?